﻿@model CreateOpenIdApplicationViewModel
@using OrchardCore.OpenId.ViewModels;
@using OrchardCore.OpenId.Models;
@using OrchardCore.OpenId.Settings;
@{ 
    var openIdSettings = ViewData["OpenIdSettings"] as OpenIdSettings;
}
<h1>@RenderTitleSegments(T["Create OpenID Connect Application"])</h1>

<div asp-validation-summary="ModelOnly"></div>
<form asp-action="Create" method="post">
    <div class="form-group" asp-validation-class-for="ClientId">
        <label asp-for="ClientId">@T["Client Id"]</label>
        <span asp-validation-for="ClientId" class="text-danger">@T["The Client Id is required."]</span>
        <input asp-for="ClientId" class="form-control" autofocus />
    </div>
    <div class="form-group" asp-validation-class-for="DisplayName">
        <label asp-for="DisplayName">@T["Display Name"]</label>
        <span asp-validation-for="DisplayName" class="text-danger">@T["The Display Name is required."]</span>
        <input asp-for="DisplayName" class="form-control" autofocus />
    </div>
    <div class="form-group" asp-validation-class-for="Type">
        <label asp-for="Type">@T["Type"]</label>
        <select asp-for="Type" class="form-control">
            <option value="@ClientType.Confidential">@ClientType.Confidential.ToString()</option>
            <option value="@ClientType.Public">@ClientType.Public.ToString()</option>
        </select>
        <div class="hint">@T["Confidential applications MUST send their client secret when communicating with the token and revocation endpoints. This guarantees that only the legit client can exchange an authorization code or get a refresh token."]</div>
    </div>
    <div class="form-group" asp-validation-class-for="ClientSecret">
        <label asp-for="ClientSecret">@T["Client Secret"]</label>
        <span asp-validation-for="ClientSecret" class="text-danger"></span>
        <input asp-for="ClientSecret" class="form-control" autofocus />
    </div>
    <div class="form-group" asp-validation-class-for="ConfirmClientSecret">
        <label asp-for="ConfirmClientSecret">@T["Confirm Client Secret"]</label>
        <span asp-validation-for="ConfirmClientSecret" class="text-danger">@T["The Confirm Client Secret is required."]</span>
        <input asp-for="ConfirmClientSecret" class="form-control" autofocus />
    </div>

    <h3>Flows</h3>
    <fieldset id="AllowAuthorizationCodeFlowFieldSet" class="form-group collapse" asp-validation-class-for="AllowAuthorizationCodeFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowAuthorizationCodeFlow" type="checkbox" data-toggle="collapse" data-target="#AllowAuthorizationCodeFlowRecommendedHint" class="form-check-input" checked="@Model.AllowAuthorizationCodeFlow" />
                @T["Allow Authorization Code Flow"]
            </label>
        </div>
        <div class="hint">@T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth">http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth</a></div>
        <div id="AllowAuthorizationCodeFlowRecommendedHint" class="hint collapse">@T["Recommended Parameters:"] grant_type = 'code', client_id, client_secret, resource = '@openIdSettings.Authority', scope ('openid, profile, roles)')</div>
    </fieldset>

    <fieldset id="AllowHybridFlowFieldSet" class="form-group collapse" asp-validation-class-for="AllowHybridFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowHybridFlow" type="checkbox" data-toggle="collapse" data-target="#AllowHybridFlowRecommendedHint" class="form-check-input" checked="@Model.AllowHybridFlow" />
                @T["Allow Hybrid Flow"]
            </label>
        </div>
        <div class="hint">@T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth">http://openid.net/specs/openid-connect-core-1_0.html#HybridFlowAuth</a></div>
        <div id="AllowHybridFlowRecommendedHint" class="hint collapse">@T["Recommended Parameters:"] grant_type = 'code id_token', client_id, client_secret, resource = '@openIdSettings.Authority', scope ('openid, profile, roles)')</div>
    </fieldset>

    <fieldset id="AllowImplicitFlowFieldSet" class="form-group collapse" asp-validation-class-for="AllowImplicitFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowImplicitFlow" type="checkbox" data-toggle="collapse" data-target="#AllowImplicitFlowRecommendedHint" class="form-check-input" checked="@Model.AllowImplicitFlow" />
                @T["Allow Implicit Flow"]
            </label>
        </div>
        <div class="hint">@T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth">http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth</a></div>
        <div id="AllowImplicitFlowRecommendedHint" class="hint collapse">@T["Recommended Parameters:"] grant_type = 'id_token token', client_id, client_secret, redirect_uri ='', nonce, resource = '@openIdSettings.Authority' , scope ('openid, profile, roles')</div>
    </fieldset>

    <fieldset id="AllowPasswordFlowFieldSet" class="form-group collapse" asp-validation-class-for="AllowPasswordFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowPasswordFlow" type="checkbox" data-toggle="collapse" data-target="#AllowPasswordFlowRecommendedHint" class="form-check-input" checked="@Model.AllowPasswordFlow" />
                @T["Allow Password Flow"]
            </label>
        </div>
        <div class="hint">@T["More info:"] <a href="https://tools.ietf.org/html/rfc6749#section-1.3.3">https://tools.ietf.org/html/rfc6749#section-1.3.3</a></div>
        <div id="AllowPasswordFlowRecommendedHint" class="hint collapse">@T["Recommended Parameters:"] grant_type = 'password', client_id, client_secret, username, password, resource = '@openIdSettings.Authority' , scope ('openid, profile, roles)')</div>
    </fieldset>

    <fieldset id="AllowClientCredentialsFlowFieldSet" class="form-group collapse" asp-validation-class-for="AllowClientCredentialsFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowClientCredentialsFlow" type="checkbox" data-toggle="collapse" data-target="#AllowClientCredentialsFlowRecommendedHint" class="form-check-input" checked="@Model.AllowClientCredentialsFlow" />
                @T["Allow Client Credentials Flow"]
            </label>
        </div>
        <div class="hint">@T["More info:"] <a href="https://tools.ietf.org/html/rfc6749#section-1.3.4">https://tools.ietf.org/html/rfc6749#section-1.3.4</a></div>
        <div id="AllowClientCredentialsFlowRecommendedHint" class="hint collapse">@T["Recommended Parameters:"] grant_type = 'client_credentials', client_id, client_secret, resource = '@openIdSettings.Authority' , scope ('openid, profile, roles')</div>
    </fieldset>

    <fieldset id="AllowRefreshTokenFlowFieldSet" class="form-group collapse" asp-validation-class-for="AllowRefreshTokenFlow">
        <div class="form-check">
            <label class="form-check-label">
                <input asp-for="AllowRefreshTokenFlow" type="checkbox" data-toggle="collapse" data-target="#AllowRefreshTokenFlowRecommendedHint" class="form-check-input" checked="@Model.AllowRefreshTokenFlow" disabled=@((Model.AllowPasswordFlow || Model.AllowAuthorizationCodeFlow || Model.AllowHybridFlow) ? null : "") />
                @T["Allow Refresh Token Flow"]
            </label>
        </div>
        <div class="hint">@T["More info:"] <a href="http://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens">http://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens</a></div>
        <div id="AllowRefreshTokenFlowRecommendedHint" class="hint collapse">@T["Recommended Parameters:"] grant_type = 'refresh_token', client_id, client_secret, refresh_token</div>
    </fieldset>

    <div id="RedirectSection" class="form-group collapse">
        <div asp-validation-class-for="RedirectUri">
            <label asp-for="RedirectUri">@T["Redirect Uri"]</label>
            <span asp-validation-for="RedirectUri" class="text-danger">@T["The Redirect Uri is required."]</span>
            <input asp-for="RedirectUri" class="form-control" autofocus />
        </div>
        <div asp-validation-class-for="LogoutRedirectUri">
            <label asp-for="LogoutRedirectUri">@T["Logout Redirect Uri"]</label>
            <span asp-validation-for="LogoutRedirectUri" class="text-danger">@T["The Logout Redirect Uri is required."]</span>
            <input asp-for="LogoutRedirectUri" class="form-control" autofocus />
        </div>
        <div asp-validation-class-for="SkipConsent">
            <label class="form-check-label">
                <input asp-for="SkipConsent" type="checkbox" class="form-check-input" checked="@Model.SkipConsent" />
                @T["Skip user-consent screen"]
            </label>
            <div class="hint">@T["It skips the user-consent screen after login in identity server."]</div>
        </div>
    </div>

    <div class="form-group collapse" id="RoleGroup" name="RoleGroup">
        <h6>@T["Client Credentials Roles"]</h6>
        @for (var i = 0; i < Model.RoleEntries.Count; i++)
        {
            <div class="form-check">
                <label class="form-check-label" asp-for="RoleEntries[i].Selected">
                    <input class="form-check-input" type="checkbox" asp-for="RoleEntries[i].Selected" />
                    <input type="hidden" asp-for="RoleEntries[i].Name" />
                    @Model.RoleEntries[i].Name
                </label>
            </div>
        }
    </div>

    <fieldset>
        <div class="form-group">
            <button class="btn btn-primary" type="submit">@T["Save"]</button>
            <a class="btn btn-secondary" asp-route-action="Index">@T["Cancel"]</a>
        </div>
    </fieldset>
</form>
<script at="Foot" type="text/javascript">
    //<![CDATA[
    window.onload = function () {
        refreshForbiddenFlows();
        refreshClientSecret('@ClientType.Confidential');
        refreshFlows();
        refreshOfflineAccessTip(false);

            function refreshForbiddenFlows() {
            if (@(openIdSettings.AllowAuthorizationCodeFlow.ToString().ToLower()) == true) {
                $("#AllowAuthorizationCodeFlowFieldSet").collapse("show");
            }
            else {
                $("#AllowAuthorizationCodeFlowFieldSet").collapse("hide");
                $("#AllowAuthorizationCodeFlow").prop("checked", false);
            }

            if (@(openIdSettings.AllowHybridFlow.ToString().ToLower()) == true) {
                $("#AllowHybridFlowFieldSet").collapse("show");
            }
            else {
                $("#AllowHybridFlowFieldSet").collapse("hide");
                $("#AllowHybridFlow").prop("checked", false);
            }

            if (@(openIdSettings.AllowImplicitFlow.ToString().ToLower()) == true) {
                $("#AllowImplicitFlowFieldSet").collapse("show");
            }
            else {
                $("#AllowImplicitFlowFieldSet").collapse("hide");
                $("#AllowImplicitFlow").prop("checked", false);
            }


            if (@(openIdSettings.AllowPasswordFlow.ToString().ToLower()) == true) {
                $("#AllowPasswordFlowFieldSet").collapse("show");
            }
            else {
                $("#AllowPasswordFlowFieldSet").collapse("hide");
                $("#AllowPasswordFlow").prop("checked", false);
            }

            if (@(openIdSettings.AllowClientCredentialsFlow.ToString().ToLower()) === true) {
                $("#AllowClientCredentialsFlowFieldSet").collapse("show");
            }
            else {
                $("#AllowClientCredentialsFlowFieldSet").collapse("hide");
                $("#AllowClientCredentialsFlow").prop("checked", false);
            }

            if (@(openIdSettings.AllowRefreshTokenFlow.ToString().ToLower()) == true) {
                $("#AllowRefreshTokenFlowFieldSet").collapse("show");
            }
            else {
                $("#AllowRefreshTokenFlowFieldSet").collapse("hide");
                $("#AllowRefreshTokenFlow").prop("checked", false);
            }
        }


        $("#Type").change(function () {
            refreshClientSecret();
        });
        function refreshClientSecret(defaultType) {
            var type = $("#Type");
            $("#ClientSecret").parent().collapse(type.val() === '@ClientType.Confidential' ? "show" : "hide");
            $("#ConfirmClientSecret").parent().collapse(type.val() === '@ClientType.Confidential' ? "show" : "hide");

            var allowClientCredentialsFlow = $("#AllowClientCredentialsFlow");
            if ($("#Type").val() === '@ClientType.Confidential') {
                allowClientCredentialsFlow.removeAttr("disabled");
            }
            else {
                allowClientCredentialsFlow.attr('disabled', true);
                allowClientCredentialsFlow.prop("checked", false);
            }

            var clientSecretHints = $("#AllowPasswordFlowRecommendedHint, #AllowAuthorizationCodeFlowRecommendedHint, #AllowHybridFlowRecommendedHint, #AllowImplicitFlowRecommendedHint, #AllowRefreshTokenFlowRecommendedHint");

            if (defaultType === $("#Type").val())
                return;

            if ($("#Type").val() === '@ClientType.Confidential') {
                clientSecretHints.each(function () { this.innerText = this.innerText.replace("client_id, ", "client_id, client_secret, "); });
            }
            else {
                clientSecretHints.each(function () { this.innerText = this.innerText.replace("client_id, client_secret, ", "client_id, "); });
            }
        }


        $("#AllowRefreshTokenFlow").change(function () {
            refreshOfflineAccessTip();
        });

        function refreshOfflineAccessTip(defaultValue) {
            var offlineAccessHints = $("#AllowPasswordFlowRecommendedHint, #AllowAuthorizationCodeFlowRecommendedHint, #AllowHybridFlowRecommendedHint");
            var allowRefreshTokenFlow = $("#AllowRefreshTokenFlow");
            if (defaultValue === allowRefreshTokenFlow.prop('checked'))
                return;

            if (allowRefreshTokenFlow.prop('checked')) {
                offlineAccessHints.each(function () { this.innerText = this.innerText.replace("roles", "roles, offline_access"); });
            }
            else {
                offlineAccessHints.each(function () { this.innerText = this.innerText.replace(", offline_access", ""); });
            }
        }

        $("#AllowClientCredentialsFlow, #AllowPasswordFlow, #AllowAuthorizationCodeFlow, #AllowHybridFlow, #AllowImplicitFlow, #AllowRefreshTokenFlow").change(function () {
            refreshFlows();
        });

        function refreshFlows() {
            refreshRoleGroup();
            refreshAllowRefreshTokenFlowVisibility();
            refreshRedirectSettings();
        }
        function refreshRoleGroup() {
            $("#RoleGroup").collapse($("#AllowClientCredentialsFlow").prop('checked') ? "show" : "hide");
        }
        function refreshAllowRefreshTokenFlowVisibility() {
            var allowRefreshTokenFlow = $("#AllowRefreshTokenFlow");

            if (($("#AllowPasswordFlow").prop('checked') || $("#AllowAuthorizationCodeFlow").prop('checked') || $("#AllowHybridFlow").prop('checked'))) {
                allowRefreshTokenFlow.removeAttr("disabled");
            }
            else {
                allowRefreshTokenFlow.attr('disabled', true);
                allowRefreshTokenFlow.prop("checked", false);
                $("#AllowRefreshTokenFlowRecommendedHint").collapse("hide");
                refreshOfflineAccessTip();
            }
        }
        function refreshRedirectSettings() {
            var redirectSection = $("#RedirectSection");
            var skipConsent = $("#SkipConsent");

            if (($("#AllowImplicitFlow").prop('checked') || $("#AllowAuthorizationCodeFlow").prop('checked') || $("#AllowHybridFlow").prop('checked'))) {
                redirectSection.collapse("show");
            }
            else {
                skipConsent.prop("checked", false);
                redirectSection.collapse("hide");
            }
        }
    };
    //]]>
</script>